
Home Monitor: How to configure the app with a Buffalo DDWRT router?

ls3
New Member

How do I configure the Home Monitor app with a Buffalo DDWRT router?

0 Karma

amiracle
Splunk Employee

Have you seen the latest blog post showing you how to set up DD-WRT for the Home Monitor app: http://amiracle19.blogspot.com/2016/02/adding-dd-wrt-sourcetype.html

Here is the props.conf entry that you'll need to make:

[dd-wrt]
pulldown_type = 1
EXTRACT-action = (?i) .*?: (?P<action>\w+)(?= )
FIELDALIAS-dst = DST as dest_ip
FIELDALIAS-dpt = DPT as dest_port
FIELDALIAS-proto = PROTO as protocol
FIELDALIAS-SPT = SPT as src_port
FIELDALIAS-SRC = SRC as src_ip
EVAL-direction = if(match(OUT,"eth*"), "out", "in")
LOOKUP-action_lookup = action_lookup action OUTPUT action2
LOOKUP-rdns = dnsLookup ip AS dest_ip OUTPUTNEW host as rdns_host

I hope that fixes your issue.

-Kam

0 Karma

amiracle
Splunk Employee

The first thing I would do is get the data from the router to your Splunk server via syslog (UDP 514). Once you've accomplished that, then you can use the [netgear] source type, which I believe is closest to the way DDWRT logs the events, to start populating your data. If you want, you can post a sample of the events coming from your router to this post. I can then help you 'source type' that data.

0 Karma
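
One way to check sample router events against the [dd-wrt] stanza above before deploying it, as an added example that is not part of the original posts or the Home Monitor app. It approximates Splunk's automatic key=value extraction with a regex (an assumption), leaves out the two LOOKUP lines, and runs on constructed sample events.

```python
import re

# Patterns copied from the [dd-wrt] props.conf stanza above.
ACTION_RE = re.compile(r"(?i) .*?: (?P<action>\w+)(?= )")
ALIASES = {"DST": "dest_ip", "DPT": "dest_port", "PROTO": "protocol",
           "SPT": "src_port", "SRC": "src_ip"}
# Assumption: Splunk's automatic key=value extraction is approximated by
# this regex; keys with empty values (e.g. "OUT= ") yield no field.
KV_RE = re.compile(r"\b([A-Za-z]\w*)=(\S+)")


def extract_fields(event: str) -> dict:
    """Return the fields the stanza is expected to produce for one event."""
    fields = dict(KV_RE.findall(event))
    m = ACTION_RE.search(event)
    if m:
        fields["action"] = m.group("action")
    for orig, alias in ALIASES.items():
        if orig in fields:
            fields[alias] = fields[orig]
    # EVAL-direction = if(match(OUT,"eth*"), "out", "in"); missing OUT gives "in".
    out_if = fields.get("OUT")
    fields["direction"] = "out" if out_if and re.search("eth*", out_if) else "in"
    return fields


def missing_fields(event: str) -> list:
    """List the expected fields that an event fails to yield."""
    expected = ["action", *ALIASES.values()]
    got = extract_fields(event)
    return [f for f in expected if f not in got]


# Constructed sample events (not captured from a real router).
SAMPLES = [
    "Feb 10 12:00:01 router kernel: DROP IN=eth1 OUT= MAC=00:11:22:33:44:55 "
    "SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=44321 DPT=23",
    "Feb 10 12:00:05 router kernel: ACCEPT IN=br0 OUT=eth1 "
    "SRC=192.168.1.20 DST=198.51.100.4 LEN=60 PROTO=UDP SPT=51000 DPT=53",
    "Feb 10 12:00:09 router dnsmasq[412]: query[A] example.com from 192.168.1.20",
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(missing_fields(ev) or "ok", extract_fields(ev).get("direction"))
```

Events that report missing fields, like the dnsmasq line here, are ones the stanza will not populate, so they are the samples worth checking before relying on the sourcetype.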